7632 matches found
MS16-148: Security Update for Microsoft Office (3204068)
The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command execution vulnerability exists in Microsoft Office due to improper validati...
RHEL 6 / 7 : sudo (RHSA-2016:2872)
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
sudo: noexec bypass via system() and popen()
It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the system() or popen() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use this flaw to execute...
sudo: noexec bypass via wordexp()
It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute...
openSUSE Security Update : vim (openSUSE-2016-1391)
This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc1010685). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Keitai Kit for Movable Type vulnerable to OS command injection
Overview: Keitai Kit for Movable Type contains an OS command injection vulnerability. Keitai Kit for Movable Type provided by ideaman's Inc. contains an OS command injection vulnerability (CWE-78). CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Security update for vim (important)
This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc1010685)...
Multiple I-O DATA network camera products vulnerable to OS command injection
Overview: Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Apache Hadoop Arbitrary Command Execution Vulnerability
Apache Hadoop is the U.S. Apache Software Foundation's open source distributed systems infrastructure. It supports distributed processing of large amounts of data and offers high reliability, high scalability, high fault tolerance and other characteristics. An arbitrary command executio...
SUSE-SU-2016:2938-1 Security update for vim
This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc1010685)...
Roundcube -- arbitrary command execution
The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
FreeBSD : Roundcube -- arbitrary command execution (125f5958-b611-11e6-a9a5-b499baebfeaf)
The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
SUSE SLES11 Security Update : vim (SUSE-SU-2016:2938-1)
This update for vim fixes the following security issues: - Fixed CVE-2016-1248, an arbitrary command execution vulnerability (bsc1010685). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...
[ASA-201611-29] neovim: arbitrary command execution
Arch Linux Security Advisory ASA-201611-29. Severity: High. Date: 2016-11-29. CVE-ID: CVE-2016-1248. Package: neovim. Type: arbitrary command execution. Remote: No. Link: https://wiki.archlinux.org/index.php/CVE. Summary: The package neovim before...
Arbitrary Command Execution Vulnerability in Crowe Security Certification Gateway
Crowe Security Authentication Gateway is a user authentication, access and access control device, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the doubleview.php page of Crowe Security Gateway. An...
vim -- arbitrary command execution
Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
Veritas NetBackup Appliance Arbitrary Command Execution Vulnerability
Veritas NetBackup simplifies both the deployment and maintenance of data protection environments with a turnkey solution that is ideal for data centers, remote offices and virtual environments. A remote arbitrary command execution vulnerability exists in the Veritas NetBackup Appliance. An attack...
ansible: Command injection by compromised server via fact variables
Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
IBM BigFix Platform Remote Command Injection Vulnerability
IBM BigFix Platform (formerly known as IBM Endpoint Manager, Tivoli Endpoint Manager) is a set of system management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other...
Terminology Arbitrary Command Execution Vulnerability
Terminology belongs to a branch of linguistics. Terminology suffers from an arbitrary command execution vulnerability due to a failure to adequately filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary commands...